#VU104919 Buffer overflow in Linux kernel - CVE-2022-49100


Vulnerability identifier: #VU104919

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49100

CWE-ID: CWE-119

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the init() and fini() functions in drivers/char/virtio_console.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel: All versions


External links
https://git.kernel.org/stable/c/0f3d824bd70a1303464d5e93ee3e7afe7832fe89
https://git.kernel.org/stable/c/3504b0a177208eda85bf472bbf7c9aa77d2b8343
https://git.kernel.org/stable/c/3fd5dee7404ce40c79cba468bb2510115639d975
https://git.kernel.org/stable/c/44c2d5fbe7b2bd1f8cb114d608a591a73a5d4ae6
https://git.kernel.org/stable/c/71612aee09ecea3475f8751dc841d75a011b1fd0
https://git.kernel.org/stable/c/7deaddb704713608e0ae559e27185581b9af71a0
https://git.kernel.org/stable/c/93e3d88321d2274fa4e26b006e19cc10fec331c2
https://git.kernel.org/stable/c/c69b442125bf009fce26e15aa5616caf8a3673c3
https://git.kernel.org/stable/c/fefb8a2a941338d871e2d83fbd65fbfa068857bd


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

